Security recommendations
SIMATIC RF185C, RF186C, RF188C, RF186CI, RF188CI
Operating Instructions, 04/2020, C79000-G8976-C512-03
11
● The following algorithms are supported for encryption:
Supported
signature algorithms
Web browser SHA1
SHA256 with RSA
SHA384 with RSA
RSA 2048 bit
RSA 4096 bit
OPC UA SHA256 with RSA
SHA384 with RSA
RSA 2048 bit
RSA 4096 bit
● The following cipher suites are supported for HTTPS:
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-CBC-SHA256
ECDHE-RSA-AES256-CBC-SHA384
Firmware encryption
The firmware itself is signed and encrypted. This ensures that only authentic firmware can be
downloaded to the device.
Secure/non-secure protocols
● Check whether it is necessary to use SNMPv1. SNMPv1 is classified as non-secure.
Make use of the possibility to prevent write access. The product offers corresponding
settings for this.
● If SNMP is activated, change the community names. If unrestricted access is not
necessary, limit access via SNMP.
● Use secure protocols if access to the device is not protected by means of physical
safeguards.
The following protocols provide secure alternatives:
HTTP → HTTPS
● To prevent unauthorized access to the device or network, set up appropriate safeguards
against non-secure protocols.
● Enable only the services (protocols) that will actually be used on the device. The same
applies to the installed interfaces/ports. Unused ports could be used to access the
network downstream from the device.
To Next Page
Loading...
